package com.study.springsecurity.controller;

import com.study.springsecurity.pojo.Result;
import com.study.springsecurity.service.RoleInfoService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * 测试在自定义FilterInvocationSecurityMetadataSource和AccessDecisionManager后
 * 通过 http.authorizeRequests().antMatchers().hasAnyRole() 的形式配置URL权限是否生效
 */
@Slf4j
@RestController
@RequestMapping("/testCodeConfigMatcher")
public class TestCodeConfigMatcherController {

    @Autowired
    private RoleInfoService roleInfoService;

    /**
     * 测试权限配置是通过代码HttpSecurity在代码中配置
     *
     * @return
     */
    @GetMapping("/test1")
    public Result<String> test1() {
        return new Result<>("该接口的权限配置是通过代码HttpSecurity在代码中配置");
    }


    /**
     * 测试权限配置是通过代码HttpSecurity在代码中配置
     *
     * @return
     */
    @GetMapping("/test2")
    public Result<String> test2() {
        return new Result<>("该接口的既没有在数据库中也没有在代码中进行权限配置，最终会被anyRequest().denyAll()拦截无法访问");
    }
}
